On Tue Jan 15, 2002 at 06:16:40PM +0000, Sven Mueller wrote:

> > > What is it?
> >
> > Added protection for your system by implementing a hefty ACL set on
> > your system. Basically, it will nicely protect your system... I've
> > got the kernel built and am working on a default set of ACLs to use.
> >
> > So far so good! Using the default ACLs that come with lids, I was
> > unable to start NFS and unable to start X, so I have some work ahead
> > of me. =)
>
> I have a question to those who already use(d) LIDS:
> If I understand the statements in www.lids.org/about correctly, these
> patches will allow users to protect (and hide) files from being
> manipulated (seen) by anyone, including root. Is this right? If so,
> could I (as root/owner of the system) set up ACLs that disable some of
> those "features" on my system, like making it possible to protect
> files/processes against other users, including hiding them, but not
> including the possibility to hide processes from (for?) root?
> That is:
> I would like certain features of LIDS, even including the process/file
> hide features, but I don't want my users to be able to run processes
> on my machine that I couldn't even see (nor kill). I also want to be
> able to see any of their executable files (but don't care much for
> their data files, but they should probably be visible/readable for me,
> I don't want them to be doing anything illegal on my system).

A user can't arbitrarily decide to be able to hide their processes
from root. This is setup via the lidsconf tool, which on a normal
system, only root should be able to execute.

If you go to http://www.mandrakesecure.net/en/docs/lids.php and take a
look at my mdklids.sh script at the bottom, you'll see some of what
the LIDS ACLs look like. These ACLs can be changed on the fly, but
only by the administrator. Users have absolutely no control over LIDS
or how it works (it wouldn't be much good if they did).

For instance, this is how it works. When you boot, LIDS seals the
kernel with your current configuration. What is allowed is, what
isn't is logged and denied, according to your ACLs. These ACLs can be
changed on the fly, by using the command "lidsadm -S -- -LIDS", which
will give you a "LIDS-free" session. In this session, LIDS ACLs are
not applied. This allows you to change/modify/check your LIDS
configuration. You can reload the configuration in your LFS (LIDS
Free Session), but the ACLs are only applied to new services/processes
that start from that point... currently running processes do not
magically obtain rights or are denied rights based on your ACLs.
Ie. if you changed something to do with ntpd, you would have to
restart ntpd for those changes to go into effect.

The nice thing about this is that your LIDS admin password can be
different (and should be different) from your root password. It's not
possible for a user to try and crack the password as it's stored,
encrypted in /etc/lids/lids.pw and /etc/lids *should* have a DENY
capability set. Ie. if anyone, including root, not in an LFS, tries
to do anything with the /etc/lids directory or any files it contains,
their action is denied and logged. No cracker can get to your LIDS
password or configuration information to determine how LIDS is
configured. The only way you can do this is to be in an LFS.

Hope this clears up things a little bit. Read the article for more
details. =)

-- 
MandrakeSoft Security, OpenPGP key available on www.keyserver.net
1024D/FE6F2AFD   88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD
Current Linux kernel 2.4.8-34.1mdk uptime: 4 days 5 hours 49 minutes.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org

iD8DBQE8ROJAIEPQ5f5vKv0RAnoCAKCDM2w9x7STRA+m0XF6mAgQ+C9d3ACgidJy JXybE28qbKi+pgcboeV7ZOg= =xUaJ -----END PGP SIGNATURE-----

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]